
Ho, but that does not account for the A ->[TLS] ->B part. I believe that my sample will listen for unencrypted connections only.

From: stunnel-users [mailto:[email protected]] On Behalf Of Vincent Deschenes
Sent: Thursday, 9 November 2017 3:16 PM
To: Igor Gatis <[email protected]>; [email protected]
Subject: Re: [stunnel-users] TLS "translation" & 2-way auth

You need to have a section in your config file which listens for requests but also has the “client = yes” option with a cert and key, like this:

[http_a_to_c]
client = yes
accept = port_number_to_listen_on_server_b
connect = server_c_address:443
cert = certificate.crt
key = private.key

cert and key are the certificate and private key server B uses to identify itself on server C. You could also add more options to specify a truststore to specify which cert coming from server C server B will trust; otherwise server B will simply allow the connection.

Good Luck

From: stunnel-users [mailto:[email protected]] On Behalf Of Igor Gatis
Sent: Thursday, 9 November 2017 1:14 PM
To: [email protected]
Subject: [stunnel-users] TLS "translation" & 2-way auth

Consider scenario below:

Server A ==TLS==> Server B ==TLS+2WayAuth==> Server C

Server A needs to connect to Server C through Server B which runs Stunnel. Server C requires 2-way authentication. I have full control over Server A and Server B and Server C belongs to a third-party.

What should the Stunnel config look like?
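
The point raised at the top of the thread (the sample section accepts plaintext from Server A) can be covered by chaining two stunnel services on Server B: a server-mode section that terminates TLS from A, and a client-mode section that presents B's certificate to C. This is an added example, not a configuration posted by anyone in the thread; the section names, ports, file paths and the loopback hand-off on 127.0.0.1:8080 are assumptions, and server_c_address is the placeholder from the thread.

```ini
; Constructed example for Server B. All ports, paths and host names are
; placeholders and must be replaced with real values.

; Leg 1: Server A ==TLS==> Server B
; No "client = yes", so this service runs in server mode: it accepts TLS
; from Server A and forwards the decrypted stream to the loopback port below.
[a_to_b_tls]
accept = 8443
connect = 127.0.0.1:8080
; Certificate and key that Server B presents to Server A.
cert = /etc/stunnel/server_b.crt
key = /etc/stunnel/server_b.key

; Leg 2: Server B ==TLS+2WayAuth==> Server C
; Client mode: accepts the plaintext hand-off on loopback only and opens a
; TLS connection to Server C, presenting a client certificate.
[b_to_c_mtls]
client = yes
; Bound to 127.0.0.1 so the plaintext port is not reachable from the network.
accept = 127.0.0.1:8080
connect = server_c_address:443
; Certificate and key that Server B uses to identify itself to Server C.
cert = /etc/stunnel/client_b.crt
key = /etc/stunnel/client_b.key
; Without the next three options stunnel does not verify Server C's
; certificate, as noted in the reply above.
CAfile = /etc/stunnel/server_c_ca.pem
verifyChain = yes
checkHost = server_c_address
```

The traffic is in plaintext between the two services, so the hand-off port should stay on the loopback interface; Server A then connects with TLS to port 8443 on Server B.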